Cisco :: 871 - Configuring Static Nat For Multiple Web Servers
Mar 13, 2012
I am trying to configure a Cisco 871 router. There are 3 servers on my network that need static public IPs but also still need to communicate on the local network. I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network with that IP, which is working fine. Next I set up static NAT rules for the servers, translating 3 of the remaining public IPs to the internal addresses of the servers. I can access those servers internally using the public IPs but not from outside the network. A traceroute from outside the network gets dropped when it gets to my ISP. I've never configured more than one static IP for a network before and I know I've just missed a step here. Do I also need to use static routes? Will that update the next hop's routing table? Do I need to make an ACL to permit any host to the servers? If so, do I use the internal or external address? [code]
I'm facing a problem configuring the mentioned access point to act as a standalone access point with multiple SSIDs assigned to different VLANs. The problem is that:
1) I'm not able to broadcast both SSIDs at the same time from the access point
2) I need to make the RADIUS server manage the SSID access for the wireless clients (trying to find a way in which the access point sends a log for the RADIUS server containing the VLAN ID/IP address of the SSID). You may find below the info about the IOS version and the configuration.
Configuring static routing, how can I get a ping to go through a different route depending on which host pinged? I want to ping host B from host A. Host A is connected to router1, which is connected to 2 other routers, router2 and router3. On the other end, routers 2 & 3 meet router4. Like a diamond topology. So basically routers 2 & 3 lead to the same place, router4, which is connected to host B. I need to configure static routing so that when I ping host B from A, both ping request and ping reply go through router1, 2, 4, host B, and back. THEN the part I don't understand, doing it the other way around: When I ping host A from host B, how can I get both ping request and ping reply to go through router4, THEN THROUGH ROUTER 3, then router1, then A, and back again to host B?
I have an old server that has custom apps developed by a bankrupt company that we can't replace yet. We are being tasked with upgrading the Operating System and security patches, while preserving the existing live server. I was able to accomplish this by virtualizing it, then cloning the virtual machine. Where I got stuck was, the custom app requires a specific host name. So, I got the idea to have the two servers live on different sides of the firewall until the test platform is accepted and the old live one can be retired.
My problem is that I have no experience with configuring a real firewall like this ASA5510.
Servers are:
CM1 live server
CM2 test platform
ADS Active Directory and File and Print
[code]....
I've started to carefully poke around in the Cisco ASDM-IDM, but haven't figured out how to access the DMZ from the outside (so far just testing with HTTP as I don't have my certificate to set up HTTPS just yet). Am I missing something to get through to the DMZ from the WAN side?
We have 2 servers currently and are adding one next month. All need to be accessible using a different web address. We have set up A records for the 2 existing servers but cannot get NAT to work properly. We have a block of 5 IPs from FIOS, x.x.x.146-150, and have tried using 146 and 150 as the main WAN static IP with no success in getting the other address to communicate to the corresponding server.
What we need...
Server @ address 192.168.2.2 - SBS Server, standard SBS ports - currently working via port forwarding with WAN static of .150
Server @ address 192.168.2.3 - RDP, HTTP, HTTPS, and others. Some ports are the same as SBS. Trying to NAT .149 to this server.
Server @ address 192.168.2.4 - RDP, HTTP, HTTPS, and others. Some ports are the same as SBS. Trying to NAT .148 to this server.
All servers are on VLAN 1 which has a static IP of 192.168.2.1. DHCP is controlled by SBS.
We upgraded our Internet service in our India office, which required a new router. The local vendor suggested an 1841, so that is what we have. It has two FastEthernet ports on it.
The ISP (Airtel) provided the following IP address information:
Public WAN IP : 122.181.23.200/30
WAN IP : 122.181.23.202
SUBNET MASK : 255.255.255.252
GATEWAY : 122.181.23.201
Pri DNS : 125.22.47.125
Sec DNS : 202.56.250.5
My system is on the LAN. Its IP is assigned by DHCP. Now I want to assign a static IP to my system. There is no direct connection from the vendor router to my PC. My network path is like this: from ISP vendor to Switch -> Firewall -> LAN switch. How can I configure a static IP on my PC?
I've replaced my dead ASA5505 with a 861-K9. Our ISP provides a subnet of public addresses /29 (WAN side), for example 200.200.200.xxx /29, and we have 3 servers (LAN side), in the example 10.1.1.xxx /24. It is the same case as Johnatan's; the only difference is the public addresses: [URL]. Everything is OK when I NAT via the FE4 public address, but when I do the same with other public IPs it doesn't work.
I got charge of an ASA 5510 running version 8.3(1). I found that this is a simple config with PAT for inside hosts and a couple of static NATs for web servers and an FTP server as well.
There is lots of other configuration being done, I assume for the purpose of just R&D by the previous administrator. I need to understand whether the following NAT statements hold any relevance.
We are running only the NETWORK_OBJ_192.168.0.0/23 subnet on the inside, and there is no other subnet defined in the rest of the statements, i.e. 10.0.0.0/27 and 192.168.1.128/27 don't exist at all.
Currently on ACS 5.2 and our MS Active Directory is migrating to a completely new domain. There will be a two-way trust between them for the 24 month migration period. How best to configure ACS to connect to both domains?
I want to set up a WiFi internet connection for a campus. I plan to use 4 routers. The first one is directly connected to the internet. I want to share internet access wirelessly with the other routers. Each of the routers should be a hotspot for each of the four blocks in the campus.
I'm trying to troubleshoot a wireless network at an Inn which is shared among three buildings. The internet at the main building works fine.
However there is a WDS set up for the other two houses that are part of the property. The network is a bit of a mess IMO. The main problem is that routers on the end of the WDS chain work for awhile after booting, but frequently stop issuing IPs. When a device tries to connect it says unable to configure IP or something like that. Rebooting the router always fixes the problem.
My networking knowledge is very limited but I think some settings must be incorrect. I will try to describe the setup here.
All of the following routers are WRT54Gs with DDWRT.
Main router: 192.168.1.1 [different SSID than WDS], all routers forward DHCP to this router
WDS router 192.168.1.3 at main building is connected to a cantenna that shoots the signal over to 1st house. Gateway & Local DNS set to 192.168.1.1
WDS router 192.168.1.4 at that house is the main AP for that house and gets its signal from 1.3's cantenna. Gateway & Local DNS set to 192.168.1.3
WDS router 192.168.1.5 under the deck at the 1st house picks up that signal from 1.4 and uses a cantenna to send it to the 2nd house. Gateway & Local DNS set to 192.168.1.4
WDS router 192.167.1.6 under the deck of the 2nd house gets the signal from 1.5's cantenna. Gateway & Local DNS set to 192.168.1.5
The IP configuration problems happen at the 2nd house with 192.168.1.6. I believe 1.5 also has IP configuration problems but that router is not used other than to transmit to 1.6. Again rebooting the router fixes the issues temporarily. It works for a couple days up to a couple weeks before the IP problems start.
Mac addresses for the WDS are set of course. I have been trying to experiment with settings for awhile, but do not really know what I am doing. I am not the one who set this up.
Also under the Advanced Routing tab, here are the Static Routing settings:
192.168.1.3: Destination LAN NET: 192.168.1.0, Gateway: 192.168.1.1
192.168.1.4: Destination LAN NET: 192.168.1.3, Gateway: 192.168.1.1
192.168.1.5: Destination LAN NET: 192.168.1.4, Gateway: 192.168.1.3
192.168.1.6: Destination LAN NET: 192.168.1.5, Gateway: 192.168.1.4
Update: looks like STP should be enabled for WDS? Going to try enabling that I guess.
I have the following scenario that I'm requesting you guys verify will work. I have a 3550 Catalyst switch running EMI and an autonomous 1131AG Aironet AP. I have two DHCP pools already set up on the switch, one for the LAN and the other for the wireless clients. There are two VLANs on both the switch and AP for LAN and wireless clients. I have already set up multiple SSIDs to be broadcast from the AP. Is there a way I can bind one SSID to the LAN DHCP pool and the other to the wireless clients DHCP pool?
I am struggling to get our 887VA setup for our config.
We have a public IP range from our ISP and we have multiple servers behind our router. One of the servers needs large ranges of ports open, so I have ended up trying to use a ‘rotary’ NAT pool, which works fine, but I cannot get the other servers to NAT correctly on their ports. It seems the rotary takes over.
Here is a snip of my config.
interface Ethernet0
 no ip address
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 description Private LAN
 no ip
Is it possible to have 2 IP addresses on the WAN and set up specific routing rules for each IP? Or do I need to use another router for that, and if so, which one?
I have an FTP server on my local network and I have NATted the private IP to my public IP using the default FTP port (21). Now I have created a different FTP account on my server using port 2121 and I am able to log in using the private IP with port 2121. Now I want to NAT my public IP with port 2121, and I failed:
1) 125.x.x.x --------- 10.10.1.x : 21 ( Able to access from external network)
2) 125.x.x.x ---------- 10.10.1.x : 2121 ( not able to login from external network and able to login internally )
I have a list of servers that will be migrated from one subnet to another. Is there a script that can take my file that has the server name and the new IP address and modify the existing servers' network from the list? I want to place the script on the servers before I am ready to change subnets for preparation.
When I'm pinging my mail server, it gives me different IPs at different times. As the mail server is actually owned by us, I would like to know if that is possible without the IP actually being changed by someone.
Redirecting a Domain to an IP:Port
I host game servers for friends and strangers alike, but I'd like to make it easier for them all and give them dedicated IPs. Right now I include domain redirecting, but to connect to their server, they have to put in "example.com:xxxxx", x meaning their server's dedicated port. Is there any way that I can redirect a domain directly to "IP:Port"?
I am fairly new to the Cisco world and aim to take my CCNA in the coming months. I am now working with a customer who has several Cisco 857s (UK PPPoA ADSL over POTS). They have SonicWall firewall VPN devices that need to have one block of 8 static IP addresses from the ISP at each site. The current configurations use the network address on the VLAN interface and use static NAT to a private IP address to connect to port 23 on the VLAN interface. Why would you set up the router this way? I thought that from a block of 8 IPs the first would be the network address and the last the broadcast address; one for the router (on the VLAN interface) leaves 5 usable for the hosts attached to the Ethernet ports on the VLAN.
I am setting up a Cisco ASA 5505 for the first time for my organisation; I usually set up Cisco routers. I have 10 static IPs and 6 servers (S-1, S-2, S-3, S-4, S-5, S-6). Traffic should pass through the ASA and be distributed to the destination server that is specified in the packet. LAN servers can be separated into discrete networks for security, for example a private LAN for internal traffic accessed only via remote dial-in VPN sessions, and I want to configure a DMZ for servers (S-4, S-5, S-6) that allows public web traffic.
I have attached my network diagram. I have some questions:
1:- Can we configure multiple static IPs on the ASA 5505?
2:- If the diagram is wrong, what changes need to be done?
I am trying to configure a Cisco 871 router. I have 3 servers on my network that need static public IPs but also still need to communicate on the local network.
I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network, which is working fine. Next I set up static NAT rules for the servers, translating 3 of the remaining public IPs to the internal addresses of the servers.
I can access those servers internally using the public IPs but not from outside the network. A traceroute from outside the network gets dropped when it gets to my ISP.
I've never configured more than one static IP for a network before and I know I've just missed a step here. Do I also need to set up static routes? Will that update the next hop's routing table?
We have a need for an inside address to have more than one static NAT outside address. I know this wasn't possible before 8.3.X code. I still can't quite get it to work with 8.4.X code yet.
Our inside network is 10.17.197.X/24. The current NAT we have in place is 10.21.197.X/24.
We need to add an additional NAT of 10.22.197.X/24 and I also have networks that will need to hit the address with no NAT.
I do know the source networks where I need each of the three cases:
From 172.20.X.X I need to hit the inside of 10.17.197.X natively, no NAT.
From 192.168.X.X I need to hit the inside of 10.17.197.X with 10.21.197.X NAT.
From 10.10.X.X I need to hit the inside of 10.17.197.X with 10.22.197.X NAT.
I need to replace an ASA with an IOS firewall router, and am not sure how to migrate the NAT configuration. Specifically, there is an interface "3rdparty" that has onward connectivity to other private addresses, so our internal addressing is hidden. For some reason there are static NAT rules in different directions across the interface, but at present I cannot see why. Thinking in router terms, all that springs to mind is the inside and outside tags for the interfaces, but also that it might need "overlapping" NAT to be configured.
I would like to configure a 3750 switch port to be able to use two VLANs. I know you can do this with a voice and data VLAN, but what about two data VLANs? Say I have two devices, one on a 10 subnet and the other on a 172 subnet, but I only have one wall jack for both devices to plug into. So I use a mini switch to connect both devices and connect the switch to the wall jack; and of course this all leads back to one switch port. When I go to enter the switchport access vlan 172 cmd, how would I also make it so the device on the 10 subnet could route out?
I would like to setup multiple DMZs for our hosting servers. Currently there is a single DMZ in which our reverse proxy servers are connected using a public IP address. The idea is to have the reverse proxy forward the request from the Internet to the hosting servers in another DMZ. The purpose of the hosting DMZ is to protect it from the outside as well as from the inside. There will also be a development DMZ where we can test content prior to going live with the website.
Network: We currently have two Cisco 6509s (Core) with a FWSM in each running an active/standby configuration. There is a 10Gb fiber connection between each Cisco switch to two Cisco 4948s (Top of Rack Switches). I can either set up OSPF or trunking between the core and top of rack switches. The Cisco 4948s will support VLAN 7 (hosting DMZ 10.0.7.0/24) and VLAN 8 (development DMZ 10.0.8.0/24). Each webserver is connected to both Cisco 4948s for redundancy.
Question: If I have a single interface connecting both VLANs 7 and 8, either through Layer 2 or 3, then how can I pass traffic for both DMZs to the appropriate servers? The reason why the servers are in the same rack connected to the same two switches is that we are using blade servers and VMware.
I am at a loss on configuring a new ASA5505 for multiple static port translations. I would have expected to simply add several service commands to a network object to complete the task; however, the service command overrides the previous one and replaces rather than adds to the translations. [code] However, if entered in that order the 8443 overwrites the 8080 static translation. What is the correct procedure to establish multiple translations? If someone could also provide the "old" style for pre 8.2 release, I'd like to compare because I thought I used to do this with an access-list somewhere.
I have 8 RVS4000s to build a test system with. On each side of the network are 2 servers, both with 2 NICs. Both are on different /24 networks.
The idea is to simulate a WAN link, with the RVS4000s G1 & G2 running in "Gateway" mode to simulate the WAN. All other RVS4000s will be in Router mode ('R1, R2... etc.'). All networks are in the /24 range. As I understand it, the RVS4000 CANNOT take 2 diverse networks on the LAN side, i.e. 192.168.168.1 & 10.1.1.1 on the LAN side. The NICs on the server only need to communicate with the similar type of addresses on the other side: 192.168.168.1 on server 1 to 192.168.170.2 on server 2, but NOT 192.168.168.1 to 10.1.2.1 on server 2. The G1 & G2 link is so that all communications are routed between this link, as a testing point.
So, my questions are this: 1) Will this work? Is there any easier way of doing this? (Bear in mind this is the only equipment I have to do this.) 2) Will the static routing I have thought of work? (see below)
I know using the RVS4000's inbuilt RIP may be easier, but I've never configured RIP routing. As this is a test environment, using static routing would be enough to get it going. No security lockdown is required; all I'm trying to enable is for the servers to communicate with each other (NIC 1 on both servers, e.g. 10.1.1.1 on server 1 to 10.1.2.1 on NIC 1 of server 2, and NIC 2 on server 1 192.168.168.1 to NIC 2 on server 2 192.168.170.1). The 10.1.x.x networks do NOT need to talk to the 192.168.x.x networks. The G1 & G2 link is just for testing, but all communications must pass through here and be routed to their relevant networks on the other side.
I am trying to set up my ASA5510 to fail over the ISP when it can't ping three different IPs. I created three different trackings to three different IPs using sla monitor & track rtr. But when I do
the last route will replace the previous two and only the last route command takes effect. Is there any way I can set up the failover to ISP2 only when it can't ping three different IPs from ISP1?
I've got a server that is connected to the network through one physical Ethernet adapter. From my ISP, I got 4 static, public IP addresses, one of which is in use on the host server itself, the remaining three each on a virtualized server. All 4 servers are running on the same machine. Everything is running smoothly; however, I need to do some bandwidth management and port mapping, which is why I bought a ZyWall USG20, thinking it would be perfectly capable of doing what I need. Is it possible, with a ZyWall USG20, to have all my four IP addresses being forwarded to the one physical machine, and apply some bandwidth shaping and port mapping to it?